Phishing Attacks 13_6_2021
(1)
| Sender ip | 195.133.18.153 | 
| From  | "brento <brenton@birdon.com.au>" | 
| Subject | "RE: pago devuelto." | 
| Attachment | "Detalles del pago.pdf______________________________.gz" | 
| MD5 | 60ce782d8c140b615213c5a6c7439f0d | 
| SHA256 | 9ed3b4a1f25328f29981f22200b31679e9d0cbfa056578836e398781ca7f93f9 | 
| Family  | Loki | 
(2)
| Sender ip | 188.225.83.191 | 
| From  | "Julie-Ann <sms@fashionprofile.in>" | 
| Subject | "Purchase Order A00362" | 
| Attachment | "00010200390_0192021.pdf.r00" | 
| MD5 | 567d3152ce52b2492ade03fb1879cd8b | 
| SHA256 | 11b6828bafc1ad822f64a2fd6d36df2825f91b62a9f8e55b5ef396ae8f36fb2f | 
| Family  | SnakeKeylogger | 
(3)
| Sender ip | 45.137.22.36 | 
| From  | "KCTC International Ltd" <bhilosha@indianmetalnalloys.com>" | 
| Subject | "Revise Invoice to Euro Currency//Provide Euro Bank Details" | 
| Attachment | "KCTC International Ltd.zip" | 
| MD5 | 95a7490c9178c4adda884a3c1c101f21 | 
| SHA256 | ce6635b0dac51b6cd810ba3232f2cadae9257c36daef19159b305b96497781c2 | 
| Family  | AgentTesla | 
If you want to know how to analyze AgentTesla malware, you can check my analysis on YouTube: AgentTesla.
(4)
| Sender ip | 185.222.57.171 | 
| From  | "Fawwaz Sawan <Fawwaz.Sawan@sib.ae>" | 
| Subject | "Payment was returned" | 
| Attachment | "Proforma Invoice.r00" | 
| MD5 | 53e32e0585e6e6f350acd5559a16ea4b | 
| SHA256 | 97d1d1810e3e4b893c8fd9a223ef8dda55a0817b02eddf39c8b1d651e9c06756 | 
| Family  | SnakeKeylogger | 
(5)
| Sender ip | 142.93.105.132 | 
| From  | "Sales"<info@server-mesearch.xyz>" | 
| Subject | "RE: RE: the latest price lis" | 
| Attachment | "Price List.IMG" | 
| MD5 | 6d454d32d0f7082b1501237c76b5d9db | 
| SHA256 | 4d86f59ed10aea0a69e3eec23bb424fc19c8bb6e998f0034df66a0a260d3282c | 
| Family  | Formbook | 
(6)
| Sender ip | 185.222.57.244 | 
| From  | "Jong, Alice" <alice.jong@corbion.com>" | 
| Subject | "Shipping Doc ... RE: Revised Shipment details OA 14214 - LC Cable for Proforma Invoice No. 14214" | 
| Attachment | "Proforma Invoice No. 14214.r00" | 
| MD5 | d18408259775442e03bb7eb9b7a74bb9 | 
| SHA256 | 87876762e8b346df599bec5396da2cbaf7fb71236c2e77850d9edbae6aa9e906 | 
| Family  | AgentTesla | 
(7)
| Sender ip | 45.137.22.101 | 
| From  | "UniCredit Bank" <remittance@unicreditgroup.eu>" | 
| Subject | "Payment Swift Copy Notification" | 
| Attachment | "Payment Advice.zip" | 
| MD5 | 4851e7c2b7701a6ebc793392fe8ad21e | 
| SHA256 | b731a3e00ffad3116a3fa57992b948a94734278487405c877d9d902b1f3155dd | 
| Family  | SnakeKeylogger | 
(8)
| Sender ip | 159.203.91.46 | 
| From  | "pandey Raveendra"<reply@linkedinmessages.com>" | 
| Subject | "Fwd: FINAL BALANCE PAYMENT SWIFT COPY $.16,436.40" | 
| Attachment | "SPECIALISED SWIFT.iso" | 
| MD5 | 9b2a82117289990dba47902ced3fce91 | 
| SHA256 | 6ba8016a065bf59fd4139d72d684b0b90f882c1256d4bee681ee6e84bab17446 | 
| Family  | AgentTesla | 
(9)
| Sender ip | 185.222.57.171 | 
| From  | "Logistica Farmamundi <logistica@farmamundi.org>" | 
| Subject | "El pago fue devuelto" | 
| Attachment | "Factura de proforma.r00" | 
| MD5 | 1f29be41fd258c98132b0ae9adf210eb | 
| SHA256 | fc6d78bd78a5e42e7d1d2645aec3e437a90925635abde501c8a2ff2c8218293f | 
| Family  | SnakeKeylogger | 
(10)
| Sender ip | 185.222.57.79 | 
| From  | "lingjing.wang@vahle.com.cn" | 
| Subject | "RE: WRONG IBAN/PAYMENT RETURNED" | 
| Attachment | "GS998M37BeqAVyf.zip" | 
| MD5 | 80819ac7d6f73b2bcbfd4c088eb12d80 | 
| SHA256 | 2c74c934d6e8da3e5968ea367270bf40415ae4a3046b4c504cc694b98a6bf528 | 
| Family  | AgentTesla | 
If you want to learn malware analysis, you can check my YouTube channel, where I try to publish malware analyses and some methods for analyzing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
https://www.youtube.com/channel/UCParXHaBXBmqRdHuVUg21pA
 